Example C Program: Importing a Plaintext Key

Many of the functions in this SDK require that you identify a key by using an HCRYPTKEY handle. If your key is contained in a byte array, you can create a handle by using the CryptImportKey function as shown in the following example.

This example demonstrates the following tasks and CryptoAPI functions:

• Acquiring a handle to a cryptographic service provider by calling CryptAcquireContext.
• Importing a plaintext key into the CSP key container by calling CryptImportKey.
• Exporting a key from the key container by calling CyptExportKey.
• Printing the exported key to the console to verify that the plaintext key was indeed imported into the container.
• Releasing the memory reserved for the plaintext key.
• Releasing the CSP by calling CryptReleaseContext.

#include <stdio.h>
#include <tchar.h>
#include <windows.h>
#include <wincrypt.h>
#pragma comment(lib, "crypt32.lib")

// DesKeyBlob: A plaintext key BLOB stored in a byte array. The 
// byte array must have the following format:
// BLOBHEADER hdr;
// DWORD dwKeySize;
// BYTE rgbKeyData [];

BYTE DesKeyBlob[] = {
 0x08,0x02,0x00,0x00,0x01,0x66,0x00,0x00, // BLOB header 
 0x08,0x00,0x00,0x00, // key length, in bytes
 0xf1,0x0e,0x25,0x7c,0x6b,0xce,0x0d,0x34 // DES key with parity
 };

int _tmain()
{
//--------------------------------------------------------------------
// Declare variables.
//
// hProv: Cryptographic service provider (CSP). This example
// uses the Microsoft Enhanced Cryptographic 
// Provider.
// hKey: Key to be used. In this example, you import the 
// key as a PLAINTEXTKEYBLOB.
// dwBlobLen: Length of the plaintext key.
// pbKeyBlob: Pointer to the exported key.

HCRYPTPROV hProv = NULL;
HCRYPTKEY hKey = NULL;
DWORD dwBlobLen;
BYTE* pbKeyBlob;

//--------------------------------------------------------------------
// Acquire a handle to the CSP.

if(!CryptAcquireContext(
 &hProv,
 NULL,
 MS_ENHANCED_PROV,
 PROV_RSA_FULL,
 CRYPT_VERIFYCONTEXT))
 {
 // If the key container cannot be opened, try creating a new
 // container by specifying a container name and setting the 
 // CRYPT_NEWKEYSET flag.
 if(NTE_BAD_KEYSET == GetLastError())
 {
 if(!CryptAcquireContext(
 &hProv,
 L"mytestcontainer",
 MS_ENHANCED_PROV,
 PROV_RSA_FULL,
 CRYPT_NEWKEYSET | CRYPT_VERIFYCONTEXT))
 {
 printf("Error in AcquireContext 0x%08x \n",
 GetLastError());
 return 1;
 }
 }
 else 
 {
 printf(" Error in AcquireContext 0x%08x \n",GetLastError());
 return 1;
 }
 }

 // Use the CryptImportKey function to import the PLAINTEXTKEYBLOB
 // BYTE array into the key container. The function returns a 
 // pointer to an HCRYPTKEY variable that contains the handle of
 // the imported key.

 if (!CryptImportKey(
 hProv,
 DesKeyBlob,
 sizeof(DesKeyBlob),
 0,
 CRYPT_EXPORTABLE,
 &hKey ) )
 {
 printf("Error 0x%08x in importing the Des key \n",
 GetLastError());
 }

 // For the purpose of this example, you can export the key and 
 // print it to verify that the plain text key created above is 
 // the key that was imported into the CSP.
 // Call CryptExportKey once to determine the length of the key.
 // Allocate memory for the BLOB, and call CryptExportKey again
 // to retrieve the key from the CSP key container.

 if(!CryptExportKey( 
 hKey, 
 NULL, 
 PLAINTEXTKEYBLOB,
 0, 
 NULL, 
 &dwBlobLen)) 
 {
 printf("Error 0x%08x computing BLOB length.\n",
 GetLastError());
 return 1;
 }

 if(pbKeyBlob = (BYTE*)malloc(dwBlobLen)) 
 {
 printf("Memory has been allocated for the BLOB. \n");
 }
 else
 {
 printf("Out of memory. \n");
 return 1;
 }

 if(!CryptExportKey( 
 hKey, 
 NULL, 
 PLAINTEXTKEYBLOB, 
 0, 
 pbKeyBlob, 
 &dwBlobLen))
 {
 printf("Error 0x%08x exporting key.\n", GetLastError());
 return 1;
 }

 DWORD count = 0;
 printf("Printing Key BLOB for verification \n");
 for(count=0; count < dwBlobLen;)
 {
 printf("%02x",pbKeyBlob[count]);
 count ++;
 }

 // Free resources.

 if(pbKeyBlob)
 {
 free(pbKeyBlob);
 }

 if(hProv)
 {
 CryptReleaseContext(hProv, 0);
 }

 return 0;
}